ID de Prueba:	1.3.6.1.4.1.25623.1.0.60709
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0144
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0144. The Adobe Reader allows users to view and print documents in portable document format (PDF). Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726) A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044) A flaw was found in Adobe Reader's JavaScript API DOC.print function. A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the users consent. (CVE-2008-0667) Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655) Note: Adobe have yet to release security fixed versions of Adobe 7. All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0144.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5659 Cert/CC Advisory: TA08-043A http://www.us-cert.gov/cas/techalerts/TA08-043A.html CERT/CC vulnerability note: VU#666281 http://www.kb.cert.org/vuls/id/666281 http://security.gentoo.org/glsa/glsa-200803-01.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813 http://www.redhat.com/support/errata/RHSA-2008-0144.html http://secunia.com/advisories/29065 http://secunia.com/advisories/29205 http://secunia.com/advisories/30840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 http://www.vupen.com/english/advisories/2008/1966/references Common Vulnerability Exposure (CVE) ID: CVE-2007-5663 CERT/CC vulnerability note: VU#140129 http://www.kb.cert.org/vuls/id/140129 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9928 Common Vulnerability Exposure (CVE) ID: CVE-2007-5666 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11161 Common Vulnerability Exposure (CVE) ID: CVE-2007-0044 BugTraq ID: 21858 http://www.securityfocus.com/bid/21858 Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/455801/100/0/threaded http://security.gentoo.org/glsa/glsa-200701-16.xml http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://www.wisec.it/vulns.php?page=9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042 http://securitytracker.com/id?1017469 http://secunia.com/advisories/23812 http://secunia.com/advisories/23882 http://securityreason.com/securityalert/2090 SuSE Security Announcement: SUSE-SA:2007:011 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://www.vupen.com/english/advisories/2007/0032 XForce ISS Database: adobe-acrobat-pdf-csrf(31266) https://exchange.xforce.ibmcloud.com/vulnerabilities/31266 Common Vulnerability Exposure (CVE) ID: CVE-2008-0655 BugTraq ID: 27641 http://www.securityfocus.com/bid/27641 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299 http://securitytracker.com/id?1019346 http://secunia.com/advisories/28802 http://secunia.com/advisories/28851 http://secunia.com/advisories/28983 SuSE Security Announcement: SUSE-SA:2008:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html http://www.vupen.com/english/advisories/2008/0425 Common Vulnerability Exposure (CVE) ID: CVE-2008-0667 Bugtraq: 20080208 Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (Google Search) http://www.securityfocus.com/archive/1/487760/100/0/threaded http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1 http://www.fortiguardcenter.com/advisory/FGA-2008-04.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9731 http://securityreason.com/securityalert/3625 http://www.vupen.com/english/advisories/2008/0425/references Common Vulnerability Exposure (CVE) ID: CVE-2008-0726 Bugtraq: 20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/488000/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-004.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.